# Lets the signed-in admin change their own password from the admin area.
class Admin::PasswordsController < ApplicationController
  layout "admin"
  # Every action in this controller requires an authenticated admin.
  before_action :authenticate_admin!

  # Renders the change-password form for the admin who is signed in.
  def edit
    @user = current_admin
  end

  # Applies the password change submitted from the edit form.
  #
  # The record is looked up from current_admin.id, never from a request
  # parameter, so this action can only change the caller's own password.
  def update
    @user = Admin.find(current_admin.id)

    # update_with_password is given :current_password along with the new
    # password; when it returns false the form is shown again and @user is
    # what the view reads back.
    unless @user.update_with_password(user_params)
      render "edit"
      return
    end

    # Re-establish the session for the updated record without running the
    # authentication checks again.
    # NOTE(review): presumably needed because the stored session is tied to
    # the old password and would otherwise stop being valid; confirm against
    # the Devise version in use.
    bypass_sign_in(@user)
    # Flash text means "password changed successfully".
    flash[:notice] = '修改密码成功'
    redirect_to '/admin/index'
  end

  private

  # Strong-parameters allowlist for the password form: only these three
  # fields under the :admin key are passed to the model, so no other Admin
  # attribute can be mass-assigned through this endpoint.
  def user_params
    allowed = %i[current_password password password_confirmation]
    params.require(:admin).permit(*allowed)
  end
end
